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Appln. No. 10/068,776 

REMARKS 

Reconsideration and further examination of this application 
are hereby requested. Claims 1-22 and 35 are currently pending 
in the application. Claims 23-34 and 36 have been canceled. 
A. CLAIM INTERPRETATION 

There appears to be an issue in interpreting one term in the 
claims as amended. It is respectfully submitted that clarifying 
this issue will alleviate many of the claim rejections of the 
present office action. 

In construing patent claims, common, simple English words 
whose meaning is clear and unquestionable {i.e., in the absence 
of an indication that their use in a particular context changes 
their meaning) are construed to mean exactly what they say. In 
other words, plain meaning construction is the presumptive rule. 
See M.P.E.P. § 2111.01 (8th ed. , rev. 5 2006). 

The word "each" arises in independent claims i, il, and 35 
and has apparently been interpreted in the present office action 
to mean "some." Applicant submits that this interpretation is 
not justified given the common meaning of the term "each." The 
term "each" is used as a pronoun in the independent claims. The 
ordinary plain meaning of the pronoun "each" is defined as: 

every one of a group considered individually; 
American Heritage® Dictionary of the English Language, 576 (3d 
ed. 1996) . 
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The office action interprets the security server of He '824 
as being a functional equivalent of the claimed intelligent 
network interface. Regardless of the functional similarities 
between the security server disclosed by He '284 and the claimed 
intelligent network interface, it is important not to loose sight 
of the fact that the claims recite plural intelligent network 
interfaces, and in fact an intelligent network interface between 
the network and each node. By ignoring this claim language, 
claimed elements and their relative arrangement would be read out 
of the claim, the "all elements" legal test not only requires 
that a single prior art reference disclose all the recited 
elements, but also that those elements be disclosed in the same 
arrangement as is claimed; absent such prior art disclosure there 
is no anticipation. ]?lci2ardson v. Suzuki Motor Co , , Ltd. , 868 
F. 2d 1226, 1236, 9 U . S . P . Q . 2d 1913 , 1920 (Fed . Cir. 1989 ) ; 
Perkin- Elmer Corp. v. Compute rvi si on Corp., 732 F.2d 888, 894, 
221 U.S.P.Q. 669, 673 (Fed. Cir. 1984); Connell v. Sears, Roebuck 
& Co., 722 F. 2d 1542, 1548, 220 U.S. P. Q. 193, 198 (Fed. Cir. 
1983) . 

B. ANTICIPATION 

Claims 1-15, 19, 20, 22, and 35 have been rejected under 35 
U.S.C. § 102(b) as being anticipated by He '824 (U.S. Pat. No. 
5,944,824). This rejection is respectfully traversed based on 
the following arguments. 
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CLAIMS 1, 10, AND 35 

in order for a patent claim to be anticipated by the prior 
art, each and every limitation of that claim must be found 
(either expressly or inherently) within the four corners of a 
single prior art reference. See M.P.E.P. § 2131 {8th ed. , rev. 5 
2006) . 

Independent method claim 1 recites: 

providing an intelligent network interface between 
a network and each node on the network 
at lines 3 and 4. Independent method claim 10 recites (refer to 
lines 4 and 5) a similar step. Independent method claim 35 also 
recites (refer to lines 3 and 4) a similar step. Although the He 
^824 reference shows a security server between a network and some 
of its nodes, this prior art disclosure does not provide a 
teaching of doing so for each of its nodes. 

He ^824 does not contain a general teaching of providing an 
intelligent network interface between a network and each node on 
that network. In the illustrated embodiments, some nodes (e.g., 
user nodes 14 of Fig. 1) are shown as being connected to the 
network 10 without being provided with security server between 
the network 10 and the user node 14. If some are disclosed as 
not having it provided, then the disclosure does not read on the 
limitation that it is provided for each. In fact this points out 
a different architecture than that which is claimed in the 
present application. 
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For the above reasons. Applicant respectfully submits that 
the He '824 reference does not anticipate claims 1, 10, and 35, 
nor claims 2-9 depending therefrom. 

CLAIMS 2, 4, AND 5 

Each and every limitation of a claim must be found (either 
expressly or inherently) within a single prior art reference in 
order to be anticipated. M.P.E.P. at § 2131. 

Method claim 2 recites: 

each intelligent network interface providing 

protocol translation based on servlets provided by said 

CMC. ■ ■ ., ■. ■ 

see claim 2 at lines 2 and 3. Claims 4 and 5 recite additional 
aspects of this method step. Npwhfere does He '824 teach or 
suggest a CMC dynamically distributing servlets. 

Although elements of He '824 may act as gateways or bridges 
(i.e., the terminal servers 24) , no code is .distributed from a 
CMC. in the context of the He '824 disclosure, this lack of code 
distribution makes sense . In He ' 824 , the Security Server 15 
provides authorization, user privilege control, user access 
auditing, data integrity, etc., sd it has no need to distribute 
code to perform such services as protocol translation, proxies, 
firewalls, auditing, policy enforcement, and web filtering. 
For the above further reasons. Applicant respectfully 
submits that the He '824 reference does not anticipate claims 2 , 
4, and 5. 
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CLAIM 3 

Each aiid every limitation of a claim must be found (either 
expressly or inherently) within a single prior art reference in 
order to be anticipated. M.P.E.P. at § 2131, 

Method claim 3 recites: 

protocol translation is selected from the any two 

protocols within a single layer of an ISO 7 layer 

protocol stack. 

see claim 3 and lines 2 and 3 . Although He '824 discloses an IP 
network does not disclose protocol translation within a layer or 
'the distribution of servlets to provide the translation. 

For the above further reasons. Applicant respectfully 
submits that the He '824 reference does not anticipate claim 3. 

CLAIM 6 

Each and every limitation of a claim must be found (either 
expressly or inherently) within a single prior art reference in 
order to be anticipated, m.p.e.p. at § 2131. 

Method claim 6 recites: 

said CMC dynamically distributing servlets to 
intelligent network interfaces based on node, said 
servlets selected from the group consisting of tauit 
tolerance automatic rollover servlets, gateway , 
intrusion detection servlets, multi-level firewall _ 
servlets, machine diagnostics servlets, virus scanning 
servlets, and security patching servlets. 

See claim 6 at lines 2-7. 

The examiner concedes that the security server of He '824 

performs all network security functions for the network. This is 
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the opposite of the claimed method, where the security functions 
are performed by the decentralized intelligent network 
interfaces. 

For the above further reasons. Applicant respectfully 
submits that the He '824 reference does not anticipate claim 6. 
CLAIM 7 

Each and every limitation of a claim must be found (either 
expressly or inherently) within a single prior art reference in 
order to be anticipated. M.P.E.P. at § 2131. 

Method claim 7 recites: 

including a Security Paramaters index (SPI) for 
said connection that uniquely identifies said_^ _ 
connection between said first and second intelligent 
network interfaces, 
see claim 7 at lines 25-28. The Examiner notes that He ^824 
discloses use of KERBEROS. However, the KERBEROS encryption 
authentication system does not go so far as to anticipate the 
claimed use of an iPSec Security Parameters Index to uniquely 
identify a connection between two of the claimed invention's 
intelligent network interfaces. 

For the above further reasons. Applicant respectfully 
submits that the He *824 reference does not anticipate claim 7. 
CLAIM 9 

Each and every limitation of a claim must be found (either 
expressly or inherently) within a single prior art reference in 
order to be anticipated. M.P.E.P. at § 2131. 
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Method claim 9 recites: 

providing a plurality of CMC s on said network in a 

hierarchical configuration, 
see claim 9 at lines 2 and 3 . The He v82 4 reference does not ^ : 
teach plural CMCs in a hierarchical configuration. 

He ^824 discloses a single Security Server that contains a 
plurality of security mechanisms. This has nothing to do with 
providing a plurality of CMCs in a hierarchical configuration, 
and in fact is a quite divergent teaching in that it centralizes 
multiple functions rather than distributing them among plural 
devices . 

For the above reasons. Applicant respectfully submits that 
the He '824 reference does not anticipate claim 9 * 
CLAIM 11 

Each and every limitation of a claim must be found (either 
expressly or inherently) within a single prior art reference in. 
order to be anticipated. M. P. E. P. at § 2131. 
Independent apparatus: claim 11 recites: 

an intelligent network interface between each host 
device and said network 
at lines 4 and 5. Although the He -824 reference shows a 
security server between a network and some of its nodes, this 
prior art disclosure does not provide a teaching of an 
intelligent network device between the network each of its host 
devices . 
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He '824 does not contain a general teaching of providing an 
intelligent network interface between a network and each host 
device connected to that network. In the illustrated 
embodiments, some host devices (e.g., user nodes 14 of Fig. 1) 
are shown as being connected to the network 10 without there 
being a security server between the network 10 and the user node 
14. If some are disclosed as not having it provided, then the 
disclosure does not read on the limitation that it is present for 
each . 

For the above reasons. Applicant respectfully submits that 
the He >824 reference does not anticipate claim 11, nor claims 
12-22 depending therefrom. 

CLAIMS 12 and 19 

Each and every limitation of a claim must be found (either 
expressly or inherently) within a single prior art reference in 
order to be anticipated, m.p.e.p. at § 2i3i. 

Apparatus claim 12 recites (refer to lines 2-6) that an 
"intelligent network interface" includes a CPU, memory, and two 
I/O interfaces. Claim 19 recites additional aspects of this 
structure . 

It is noted that that the CPU, memory and interfaces are 
expressly recited as parts of the intelligent network interfaces, 
not the user computer. This arrangement of elements is not 
disclosed by He -824. It is this arrangement of structure that 
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allows the intelligent network interfaces to operate 
transparently and in isolation from standard user applications. 
The CPU and memory are used in intelligent network interfaces 
because it is the primary enforcement point for network security ■ 
policies. He ^824 does not place th^ public in possession of 
this claimed arrangement, and thus does not provide such 

advantageous results. 

For the above further reasons, Applicant respectfully 

submits that the He '824 reference does not anticipate claims 12 

and 19 . 

CLAIMS 13, 14, and 20 

Each and every limitation of a. claim must be. found (either 
expressly or inherently) within a single prior art reference in 
order to be anticipated. M. P. E. P. at § 2131. 

Apparatus claims 13, 14, and 20 each recite hardware or 
software aspects of the "intelligent network interface" that 
define the distinct properties of the intelligent network 
interface that make it capable of enforcing policy on a peer to 
peer basis independent of a central security server other than 
receiving policy requirements. The terminal server taught by He 
'824 is simply an interface to support communication with a 
central security server and perform some limited part of security 
functions based on security server direction about a specific 

session. 
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For the above further reasons. Applicant respectfully 
submits that the He -824 reference does not anticipate claims 13, 
14, and 20. 

CLAIM 15 

Each and every limitation of a claim must be found (either ; 
expressly or inherently) within a single prior art reference in 
order to be anticipated. M.P.E.P. at § 2131. 
Apparatus claim 15 recites: 

each intelligent network interface further 
comprises a serial line authentication port, 
see claim 15 at lines 1-3. Each user node or device of He -824 
does not have its own intelligent network interface. Simply 
because the terminal server of He ^824 has a serial interface 
does not mean it has a "serial line autJaentlcation port" as 
required by the claim. In contrast to the claimed invention, 
according to the He '824 disclosure authentication is performed 
at security server 15 such that there is no need for 
authentication (or an authentication port) at terminal server 24 . 

For the above further reasons. Applicant respectfully 
submits that the He '824 reference does not anticipate claim 15. 
CLAIM 22 

Each and every limitation of a claim must be found (either 
expressly or inherently) within a single prior art reference in 
order to be anticipated. M.P.E.P. at § 2131. 

Apparatus claim 22 recites: 
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a set of dynamically distributable . ^ f 9"^^^^^. 

stored on said CMC for distribution to said intelligent 

network interfaces 
at lines 3-5. He '824 lacks any disclosure of dynamically 
distributed code fragments. Although He ^824 makes mention of 
distribution of data for security, there is no disclosure of 
ynamically distributed code fragments. 

For the above further reasons, Applicant respectfully 
submits that the He ; 824 reference does not anticipate claim 22. 
C. OBVIOUSNESS 
CLAIM 16 

Claim 16 has been rejected under 35 U.S.C. § 103(a) as being 
obvious over He » 824 in view of Liu -136 (U.S. Pat. No. 
6,171,136) . This rejection is respectfully traversed based on 
the following arguments. 

in order to establish a prima facie case of obviousness, the 

prior must teach or suggest all the recited claim limitations. 

That is because the claim must be considered as a whole. See 

M.P.E.P. § 2143 (8th ed., rev. 5 2006). 

AS discussed above in part B of these Remarks {note 

discussion of independent claim 11 and dependent claims 12 and 
15, from which claim 16 depends), the He '824 reference fails to 
disclose claim limitations regarding an intelligent network 
interface between each host device and said network, CPU, memory 
and interface structures, and limitations regarding serial line 
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authentication port. Considered together with He ^824, the 
disclosure of Liu >136 does not providing a teaching or 
suggestion for all of the above-noted missing limitations of the 
deficient He *824 reference. 

For the above reasons, Applicant respectfully submits that 
He '824 and Liu '136, considered together, do not establish a 
prima facie case of obviousness with respect to claim 16. 

CLAIM 17 

Claim 17 has been rejected under 35 U.S.C. § 103(a) as being 
obvious over He '824 in view of He '824 alone. This rejection is 
respectfully traversed based on the following arguments , 

in order to establish a prima facie case of obviousness, the 
prior must teach or suggest all the recited claim limitations. 
That is because the claim must be considered as a whole. 
M.P.E.P. at § 2143. 

AS discussed above in part B of these Remarks (note 
discussion of independent claim 11 and dependent claim 12, from 
which claim 17 depends), the He' '824 reference fails to disclose 
claim limitations regarding an intelligent network interface 
between each host device and said network, and CPU, memory and 
interface structures. The He '824 reference itself provides no 
teaching or suggestion for all of the above-noted missing 
limitations noted in the above non-anticipation arguments 
concerning claims 11 and 12. A suggestion is particularly 
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lacking in View of the fact that He ^824 takes a philosophically 
different approach (centralized versus distributed) that is at 
odds with and teaches away from the claimed invention. 

Furthermore, claim 17 recites a ^parallel port 
authentication port" in the intelligent network interface. 
Although He ^824 discloses a serial port on a terminal server 24, 
and discloses authorization on a security server 15, nowhere is 
there a suggestion of a parallel port authentication port in an 
intelligent network interface. 

For the above reasons, Applicant respectfully submits that 
He >824 does hot establish a prl/na facie case of obviousness with ^ 
respect to claim 17. 
CLAIM 18 

Claim 18 has been rejected under 35 U.S. C. § 103 (a) as being 
obvious over He '824 in view of Kitazaki >936 (U.S. P^t. No. 
6,172,936). This rejection is respectfully traversed based on 

the following arguments . 

in order to establish a pri/na facie case of obviousness, the 
prior must teach or suggest all the recited claim limitations . 
That is because the claim must be considered as a whole. 

M.P.E.P. at § 2143. 

AS discussed above in part B of these Remarks (note 
discussion of independent claim 11 and dependent claim 12, from 
which claim 18 depends) , the He V824 reference fails to disclose 
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Claim limitations regarding an intelligent network interface 
between each host device and said network, and CPU, memory and 
interface structures. Considered together with He ^824, the 
disclosure of Kitazaki ^936 does not providing a teaching or 
suggestion for all of the above-noted missing limitations of the 
deficient He '824 reference. 

Furthermore, claim 18 recites a combination of "flash 
memory" for an operating system and "dynamic memory" for 
applications in the intelligent network interface. The Examiner 
concedes that He *B24 does not disclose this recited feature. 
The Kitazaki ^936 reference discloses that OS and applications 
use the same flash memory (see 14b of Fig. l) , and thias teaches 
away from the claim limitation. 

For the above reasons, Applicant respectfully submits that 
He '824 and Kitazaki '936, considered together, do not establish 
a prima facie case of obviousness with respect to claim 18. 
CLAIM 21 

Claim 21 has been rejected under 35 U.S.C. § 103(a) as being 
obvious over He '824 in view of Walter '677 (U.S. Pat. No. 
6,151,677) . This rejection is respectfully traversed based on 
the following arguments, 

in order to establish a prima facie case of obviousness, the 
prior must teach or suggest all the recited claim limitations. 
That is because the claim must be considered as a whole. 
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M.P.E.P. at § 2143. 

AS discussed above in part B of these Remarks (note 
discussion of independent claim 11, from which claim 21 depends), 
the He ^824 reference fails to disclose claim limitations 
regarding an intelligent network interface between each host 
device and said network. Considered together with He ^824, the 
disclosure of Walter '677 does not providing a teaching or 
suggestion for all of the above-noted missing limitations of the 
deficient He *824 reference. 

For the above reasons, Applicant respectfully submits that 
He '824 and Walter '677, considered together, do not establish a 
prima facie case of obviousness with respect to claim 21. 
D. CLOSING 

For the alDOve reasons, Applicant respectfully submits that 
the application is in condition for allowance with claims 1-22 
and 35. If there remain any issues that may be disposed of via : 
telephonic interview, the Examiner is kindly invited to contact 
the undersigned at the local exchange given below. 
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The Director of the U.S. Patent & Trademark Office is 
authorized to charge any necessary fees, and conversely, deposit 
any credit balance, to Deposit Account No. 18-1579. 

Respectfully submitted, 

ROBERTS MARDULA & WERTHEIM, LLC 

/Kevin L. Pontius/ 

Kevin L. Poiitius, Reg. No. 37512 

JonL. Roberts, J.D., Ph.D., Reg. No. 31293, 

(703) 391-2900 

Roberts Mardula & 
Wertheim, LLC 
11800 Sunrise Valley Dr. 
Suite 1000 
Reston, VA 20191 



